Forum Focuses on Overseas Data Warrants and Social Media Privacy Concerns CSPAN July 14, 2017 7:05am-8:13am EDT
>> next a discussion about a proposal to allow foreign police access to u.s. social media data. this is just over an hour. [inaudible conversations] >> good afternoon, everybody. hi, my name is erica, our briefing is from across the pond fighting while preserving
privacy. this caucus is with the support of the cochairs from the house side, congressman bob and anna eshoo and from the senate side, john thune. just a couple of housekeeping things. we are live streaming this event so audio and video will be available shortly after the event on netcaucus.org. also don't forget to follow us on twitter at netcaucus ac. just another quick reminder, before we begin we will be having our next event balancing national security and privacy, panel on fisa this friday at noon so we hope to see all of you again this friday. so without further ado, i would like to hand this over to carrie
cordero, and so carrie, thank you very much for joining us. >> great. >> thanks everyone for joining us today. we welcome our audience of congressional staff members and others in government, industry and civil society who are here today on capitol hill and thanks also to c-span for bringing this discussion to a wider audience. the congressional internet caucus has assembled a terrific panel of experts to discuss the legal, policy and privacy issues involved, involving cross-border data requests and court orders. i'm going to briefly introduce panelists that are joining us today but their full bios are available on the congressional internet caucus website. each of them has extensive experience in government, academia and civil society and
issues related to capitol hill. first, to my left, richard downing, criminal division of the united states justice department. to his left jen daskal and next is neema singh guliani. so welcome all of you, thanks for being here today. i'm going to give a couple of opening remarks and then we are going to proceed with our discussion. just to frame the conversation, we are all aware of the internet connectedness of our global communications. the communications and their stored data is no longer fixed. our focus of today's discussion as the title of this event indicates, data warrants from
across the pond fighting crime while preserving privacy. legislative and policy proposals that exist to facilitate foreign governments obtaining a legal mechanism through which a foreign law enforcement agency can obtain stored data held by a u.s. communications company. in other words, can a u.s. company help another government's investigation and still adhere to u.s. law? currently, if a foreign law enforcement investigator identifies that a subject of an investigation is using a u.s.-based provider, that government needs to work through what is known as the mutual legal assistance treaty process, otherwise known as the mlat, actually precludes u.s. companies from handing over data to certain
countries. the challenge of foreign government's ability to access data held by u.s. companies is one issue. what to do about the law's lack of clarity and how the u.s. government can access data held by u.s. companies, when that data is physically stored outside of the united states is another related issue. that issue involves modern interpretation of the 1986 stored communications act which is working its way currently through the courts. its next stop in a case that was brought by microsoft and data that's held in ireland is currently next going to be with the united states supreme court. there are equities on all sides of these issues including how to ensure that law enforcement can
do its job consistent with the fourth amendment, how to protect the privacy of global users of a network communications infrastructure and how to do right by private industry in a way that doesn't stifle innovation, lead to data localization and respects the challenges faced by global communications companies that may be caught between competing laws of different countries. to the extent that there are sides to this issue, probably all of the participants in this discussion agree that these various camps exist and concerns that are expressed are legitimate. the question then is what comes next in terms of how to address these issues, what changes, if any, need to be made to united states law in order to accommodate these varying principles and objectives and what would those legislative changes potentially look like. before we get our discussions started with my panel here, i'm
going to invite up just for a few minutes chris randal and judd smith. mr. randle is legislative director and counsel for representative from new york and judd smith legislative director and counsel for representative tom marino of pennsylvania. they will speak a few minutes to describe legislative efforts that their members are engaged in. [indiscernible] [no audio] >> sorry about that. for the past two congresses, my boss has been working to find a solution for the legal questions raised by law enforcement access. the current legal framework provided, or the electronic
communications privacy act was enacted over 30 years ago, in 1986. when congress debated enacting this legislation, the internet was in its infancy. technology clearly left the law behind. it is time to bring the outdated law to address 21st century problems. until we address it, this issue will continue to arise in the courts with growing frequency. last year's decision from the second circuit in the microsoft case laid out a clear directive for congress to act. he understands the needs of law enforcement to obtain evidence in a timely and efficient manner. at the same time, he recognizes the importance of following the rule of law and preserving privacy. in the 114th congress he introduced the international communications privacy act as a first step towards finding a legislative solution. in the 115th congress, we were excited to be working with
congressman jeffries to improve this bill. we have also been working with senator hatch and senator coons. this is a true bipartisan effort. it is important that all parties, including privacy advocates, the d.o.j. and industry stakeholders have a voice in this discussion. our goal is to find a solution that aligns these interests. as the second circuit said clearly, congress needs to act in order to clarify and update the law. i look forward to hearing the insights from the panel today. >> good morning everybody. thank you for having us. as my colleague just said, ecpa came to us in 1986, over 30 years ago. needless to say, there is a lot that has changed in telecommunications law since. what we have is a scenario where tech companies are in a place where they have to figure out whether or not they are going to adhere to certain privacy protections or others.
they have to make these difficult choices. foreign consumers are wondering whether or not tech companies are going to be able to adequately protect their privacy interests. congress has the role, responsibility as we did in 1986 to decide where the law goes under the circumstances. recently, the microsoft case decided that it cannot be used to permit extraterritorial search warrants. our colleagues at the d.o.j. are seeking to get the supreme court's take on that decision, which is their prerogative. regardless of the higher court decision, it is our role here in congress to decide what the law is and how we're going to make this work for law enforcement, for tech communities and for privacy. so with that said, you have representative hakeem jeffries from new york working with congressman marino from pennsylvania and colleagues over in the senate, senator hatch and
coons, to find a solution that will reflect today's realities, that will balance our fundamental privacy rights and our law enforcement needs. so with that, we look forward to lively discussion and we will take back all that is discussed here to our bosses. we hope soon that we will have a product that we can move that will make sense for everybody. >> thank you. thank you both for your remarks. we're going to turn now to our panel of experts. i'm going to start by asking richard downing from the justice department. richard, could you first describe starting with the issue that has been of interest to the united states and united kingdom on foreign government and foreign company cooperation. first, what is the issue from the perspective from the justice department from a law enforcement perspective? what is the problem that you're
trying to fix? and then two, what is the current status of the justice department's efforts to move this issue forward? >> sure. i think it's important to start with the problem as you point out. the paradigm case that i think we should be thinking about is a situation where there is a very serious crime imminent or has happened in a foreign country. let's say the u.k. in this case, and they are trying to solve that crime. it is a murder. scotland yard opens an investigation. they search houses and question witnesses. they seize cell phones. they're able to do all the investigation except there's a chunk of their case that is not located in the u.k. instead, it is located in the united states because it is a social media account or e-mail account or whatever it might be. in that situation, they would normally go through the mlat process.
that process is universally seen as being too slow and not up to the needs of speedy and important investigations that are going on. the providers are also in a jam. they see the u.k. needing this data. the u.k. could issue their own legal process and direct providers to comply. the u.s. providers are worried that if they did that for data stored in the united states, it would be in violation of u.s. law to disclose it. yet it is a very weird situation. why should u.s. law be controlling in this situation? it is mere happenstance that data is stored in the united states. some have suggested that we take that bar away and let u.k. law control completely and not worry about the location of the data. we've taken a slightly different approach.
the providers came to us some time ago during the last administration and asked if we would work with them to come up with some sort of an arrangement where the blocking statute, the u.s. law that prevents the provider would be lifted in certain circumstances and certain countries. that's the genesis of this u.s., u.k. arrangement. in order for that to be, we need to have congressional action to change the law. you'll see that idea was spawned in the last administration and now in this administration it has been taken up again. last year, we released a proposal and an almost identical proposal was released this year by this administration because it is a practical, useful thing which has a number of important benefits. it helps our foreign partners, it's important that we support the needs of the u.k. and protecting its public safety. it supports the providers. it gets them out of this position being in between two
countries' laws, reduces the incentives for data localization. because countries that would like to sign up would have to meet a series of robust privacy protections, it has the effect of raising privacy ideas across the world. it has also reciprocal benefits for the united states in those situations where data may be stored in the u.k. >> what are the two parts of the proposal? there's an agreement that has to take place between the two countries, then there is the legislative component. can you explain -- this isn't just a matter of congress passing law, there's different pieces that have to fit together. >> the idea is that in order for this to be worked out in a sort of way that does respect the need for a robust set of privacy safeguards and for robust civil liberties and what not protection, there has got to be a system for evaluating which
countries would be appropriate for this. so the mechanism that we proposed there would be a bilateral agreement between the united states and that foreign country, and we would work out the terms of that. in order to have that happen, there has to be legislation that lifts the blocking that is in current law. what the basic legislation says, if there is a bilateral agreement and it meets a set of really robust standards, in that situation, providers are entitled to disclose information in response to foreign court orders. those requirements are actually fairly stringent. it requires that orders, for example, be individualized. there's no bulk collection. it requires that orders be based on credible facts and particularity so they are specific to individuals and there is a real basis for them. they are not allowed to target u.s. persons. this is about solving foreign crimes. it's not about targeting u.s. persons. if they want to target u.s.
persons, then they have to use the existing legal process. it's a lot of stuff designed to make sure countries that qualify for this and that we enter into agreements with are ones with which we share basic baseline civil liberties and legal systems that we can respect and agree with. >> let me ask professor daskal. if you're looking for background reading, she has done a lot of academic work, including long and on thees website. professor, can you then take what richard has described and explain for our audience what he
just described sounds perfectly reasonable. to the initial observer, what are the sticky issues, the points where there are areas that still need to be worked through in order for congress to feel comfortable passing some type of legislation on this issue? >> thank you. i agree that this is a very reasonable proposal. i think that it does mediate between the various privacy and security and sovereignty concerns. it is an approach that ought to be endorsed. there are critiques of it. i'll talk about those in a second. why do i say that? i say that for some of the reasons that richard talked about. we are talking about a situation in which a foreign government needs access for solving local serious crimes, and previously the foreign government used to be able to get that according to their own rules from their own providers, their own telecoms, a variety of other sources,
and because of the changing nature of the internet, because u.s. companies control so much of the world's data, they are increasingly finding themselves in situations where they need access to data that happen to be u.s. held and u.s. stored, and these countries are understandably frustrated. that frustration is leading to a number of different incentives that i think really need to be addressed. it's leading to -- it incentivizes companies to mandate data localization. if the data is local, they don't need to deal with the u.s. and get it according to their own rules, privacy protected or not as the case may be. also incentivizing foreign governments to increasingly seek access to data without regard to u.s. law so it's putting companies in the middle. they basically have to decide, o
and it's not just a hypothetical concern. there's been executives who have been -- who have been arrested and detained because of failure to comply with foreign demands for data and when u.s. law prohibits them from doing so and when foreign companies get frustrated, they seek out other means of accessing data and i think we see here a link between the debate that we are talking about right now and debates with decryption and other means of finding ways around some of these problems. that is one of the reasons why i think this is so important and why i think the legislation offers a very reasonable response to this. because what it does, it does not require a u.s. company to provide data to a foreign government. it simply lifts the bar in those situations where the u.s. and the foreign government have entered into an agreement. it sets a number of really critical limitations.
the governments, the foreign partners, have to be certified by the executive branch as satisfying basic rule of law standards. then each request in addition has to meet a number of criteria that richard talked about. most importantly, these foreign governments cannot get access to the data of a u.s. citizen or legal permanent resident or any other person physically located in the united states. they also cannot get the data with the intent of then sharing the information with the united states and if they access the data of u.s. persons or legal permanent residents, they are required to put certain protections in place. in addition, the requests have to be particularized, targeted. there's limits on duration. there's a requirement of judicial review. i think where the critiques come in are with the specifics of what's required. there are suggestions that some of the language judicial review
or oversight, not entirely clear what oversight means, it requires judicial review. there's other questions about the predicate factual standard. credible facts. there's some who think it should be higher than that. i personally think one thing that should be included in any final bill would be some explicit mechanism that protects the company. if they have any questions about whether or not a request meets those standards, it would protect them, allow them to kick it up to the department of justice and kick in the other mutual legal assistance treaty process. so there's clearly minor modifications that i think can be made to this piece of legislation, but as a whole, i agree with the basic premises. it is a reasonable approach and needed. >> thanks, jen. i will turn to neema guliani
from the aclu. why should we be concerned about creating a legislative framework for a foreign government to request communications data from a u.s. company? >> sure. first, thank you for having me at this panel. i'm really glad that we're discussing this issue. i want to say at the outset, i think that the aclu and largely many privacy and human rights groups disagree with the proposal. amnesty international, human rights watch and the aclu have come out in opposition to the proposal. i can't think off the top of my head of a u.s.-based privacy group that has done a full-throated endorsement of the d.o.j. proposal as written. i think the reasons are for a couple of major reasons. the first is, we hear, richard said this and jen said this, this isn't about u.s. persons. this is about targeting people
overseas. i think that that is a bit of a fig leaf. if i'm an individual in the u.s., we communicate with people overseas. obviously the standard that is going to apply to targeting of that overseas person affects collection of my data, my conversation with somebody overseas. and so i think this idea that simply because a target cannot be someone in the u.s. that u.s. privacy interests aren't implicated is simply false. let's say the u.k. government wanted to collect a conversation i had with somebody in the u.k. they were investigating that citizen of the u.k. for a crime that had occurred. under today's system, they would have to comply with essentially the mlat process which would require them to generally comply with a warrant standard. my data, my conversation with somebody in the u.k. is protected under u.s. constitutional standards.
if that standard is dropped and the requirements are lessened and weakened, that affects my privacy. we are creating a system where incidentally you can collect the information about people in the u.s., citizens and green card holders, under a standard that is lower than a warrant standard, a standard potentially lower than would apply to the government to do that collection. that i think is a significant concern because the proposal doesn't prohibit foreign governments from voluntarily sharing information with the u.s. government in certain cases, it can make its way to court and be used against somebody. the second concern has to do with exactly what it allows.
interception, wiretaps essentially. in the u.s. under the federal wiretap act, congress, obviously reflecting the perception of the public, put in place requirements that apply when the government can do a wiretap. in the u.s. wiretap for certain types of crimes, robust procedures. when you see on tv the officer shuts off. you generally use wiretapping when you've exhausted other means of obtaining information. all of those aren't required for a foreign government who wants to wiretap using apparatus. what you're saying, a foreign
government like the uk and other countries who may enter into bilateral agreements, may not require what the u.s. government would have to comply with. what you're talking about, generally, potentially, is a lowering of standards as it applies to individuals overseas including the conversations they may be having with people in the u.s. >> okay, great. that's an excellent outline of the concerns. we'll come back to the question of stored data and before we do that, i want to turn to stephanie so that stephanie can explain to us here what is the -- what are the equities, what is the interest from the u.s.-based technology sector in creating a framework for compliance with foreign government requests. >> well, first of all, thanks, carrie and thanks to the
internet caucus for hosting this event. i think this is -- i actually think there's a lot of agreement on this panel about what the principles that we need to be protecting when we're talking about the difficult issue of when foreign governments can get data about people -- can get data that lives outside the borders, often about people who are not their own citizens. it implicates a complicated matrix of laws that don't all talk to each other very well. i think the main disagreement is how to accomplish that while maximizing the ability of legitimate law enforcement need to get material that's related to terrorism and to help keep us all safe, while also maximizing on the curve the privacy protections of all the people who use the internet on a daily
basis, so reform government surveillance is a group of 11 companies, all the companies that make the operating systems for this, have all the apps you use on this, that enable us to communicate with each other on a day-to-day basis. rgs formed shortly after the snowden disclosures to support the passage of the u.s.a. freedom act. even more specifically, to provide a forum for companies to have detailed conversations about what exactly those reforms should look like and to make sure that everybody was really pulling on the same oar to get the important reforms to section 215 done. going forward, the companies have similarly been concerned about other issues that implicate government access to data around the world, and the flip side, of course, the privacy rights of the consumers that use these internet platforms all over the world. we have been very involved in
discussions about encryption, the european safe harbor and privacy shield in existence. we have been involved in all kinds of issues that have arisen in the congress over the past few years. those would water down privacy protections. we have been involved in suggesting reforms to 702 this year. the most important priority is to find a solution to these cross-border issues. we are very much in favor of the language that the department of justice proposed regarding removing the blocking and entering into bilateral agreements on a limited basis.
emphasize that there are five pages of requirements in the bill language. including limiting those reciprocal arrangements. there are all kinds of ways that we can improve definitions in that language and processes in that language. to make sure that what we are doing internationally for ibis -- the material that these internet companies have is not theirs. it is the communication of consumers all over the world. when we look at solutions to figure out what governments can get this information and under what circumstances and what laws should govern that ability to have information, what we focus on is not -- is it -- is
the inquiry over when we know it is a u.s. company? the data doesn't belong to microsoft or google, the data belongs to the people having the conversations. do they think the people are going to govern when a foreign government wants certain kinds of information? it is what sits at the crux of that. they are the ones with a data center here and a customer over here asking for that data. the ones trying to figure out which law applies, when they should comply, what the due process is. the mlat process, such as it is,
companies are talking about replacing it completely. they would only be available for governments that are rights-protective, substantively and procedurally. this seems like a good solution for situations where governments need to get through important situations quickly. >> thanks for going through the issue of why it is so important to the technology sector. i want to come back to an issue that guliani raised, which is the issue of electronic surveillance and in real-time the ability of foreign governments to request from u.s. companies real-time surveillance results. i will turn back to our department of justice representative and ask him two
things. is this proposal geared toward law enforcement challenges? stephanie mentioned terrorism as well. is this a national security problem? that is question one. and question two, does this doj administration proposal -- would it cover real-time surveillance? the ability of a foreign government to request the cooperation of a u.s. company in real-time surveillance? is that correct, and if it is, why is it part of the proposal? >> the way that the proposal frames it is that it covers serious crimes including terrorism.
terrorism is often regarded as a national security matter. about spies spying on other countries or any classic espionage. this is about serious crimes including terrorism falling into the category of criminal activity. this proposal would cover wiretapping and the wiretap act. we have to remember that the basic paradigm we should be thinking about is a crime in the u.k. and that the u.k. is trying to solve. you can imagine an organized crime figure in the u.k. and the need to wiretap that to see what their plan is or if they will commit a murder or something.
it is fortuitous that the communication has to be in the united states. the current model of the way they are routed, that would be done under u.k. law in the u.k. that situation, i would say that is the default. if the u.k. person would call in and get set up on the wiretap, that person would have zero rights at all. in the u.s., they would have a lot of rights. the u.k. cannot target them, and there are a lot of regulations that they would have to comply with such as credible facts, particularity, exhaustion of alternatives. end, they have to
minimize the u.s. persons who get involved in that conversation. then -- the bottom line is, like the u.s., the u.k. views this as a critical part of protecting public safety. if they don't have the opportunity to have this arrangement to get access to it, it has the -- it does not solve the underlying problem where if they will insist on decryption capabilities or data regulation, or something else, they are facing serious terrorism and criminal threats. this is a fair and balanced approach for how to deal with that to avoid unnecessarily impinging on anyone's rights,
but meeting the legitimate needs of the u.k. >> does anyone want to respond? >> that was so effective that no one has an answer. >> i will just reiterate. if the u.s. government [inaudible] the wiretap act -- was it not on? sorry. the wiretap act requires notice. the implication of third parties. allowing discretion for judges to order notice and information to those third parties and we are creating a framework that fundamentally doesn't have those requirements that will now be permitted by foreign governments.
it's a way that could have very real implications for people in the u.s. for information that can be collected by a foreign government and can make its way to the u.s. or a criminal proceeding even though it has not complied with the requirements of the wiretap act. saying there is a robust set of requirements that apply to countries. from our perspective those requirements do not seem very robust at all. >> so far, you have described it primarily in terms of the u.s.-u.k. relationship. they are an ally, they are a in collaboration and national security matters, but the legislative change is not country-specific.
so what happens for the rest of the world? maybe there are a few other countries either in north perhaps or europe, who have -- similar to the united states, maybe not the constitution, but similar judicial requirements -- what happens when other countries come knocking on the door wanting this same type of arrangement with u.s. companies? >> it is a great question about scalability. i want to step back and think about this problem a little bit. what we are facing, because of the way the internet is structured and the dominance of the u.s. companies, something that we as a nation have an interest in promoting, because of those things, there is a
between the character of governments and things that used to be specific to their jurisdiction and things that move around and are not specifically located to their territory. there are fundamental questions about who gets to set the rules. should the u.s. rules apply because the data happens to be located here? it's the same problem that we spoke about earlier with respect to the ireland case. should irish rule apply because it happened to be in ireland? ireland may not have any other equity in the case. stepping back, it is worth asking some of those bigger questions. as the country that is the home of so much of the world's data,
and has set some of the rules, there is a real opportunity to demand baseline standards and to try to harmonize the borders, with legitimate access and legitimate cases, so where the u.s. won't have a lot to say about the rules that apply and you might see a reduction of privacy rights. to your second question or to your real question, i think that the idea -- if this legislation were passed, hopefully it is passed, there is a u.s.-uk draft agreement that would be implemented pretty quickly and i think the hope is that there would be other countries that would meet the standards and perhaps adopt minor changes in their own practices in order to meet the standards and i think over time, ideally you would be able to expand that out further. there are some interesting ideas that
people talk about in particular peter has been writing about this a little bit, the idea tha some countries could have thi specialized points of contact. even if the entire country could be certified as meeting requirements, you could have units within the country that would be explicit to inquire that they would meet standards. f india, you may trust a unit for that request. >> if i can turn to stephanie from the industry perspective, how are the companies who will be on the receiving end of these requests from other governments. how are they looking at the issue -- if this legislation work to pass, and this would serve as a model for other arrangements with other governments, how would the
industry view the potential request downstream for agreements with other countries? what happens from the industry perspective when they might be facing requests from india, china, brazil or other types of countries that have different legal and judicial systems. >> i don't foresee that several of the countries you just listed would meet these standards to enter into an agreement. i don't think that china will be high on the department of justice's list. that would enter into an agreement to go directly into technology company. we would be upset if we were presented with such an agreement. there are other countries that
could meet the standard and the most exciting thing about this proposal is that there are other countries who cannot quite meet the standard, but with some changes they can. it is important for them to get with u.s. companies that have the bulk of the information that travels the internet. that is something that is really important to the company, something that makes it possible for legitimate law enforcement asks to be met quickly. to make sure they are met in a rights-protective manner and to raise the bar on privacy protections around the world. i know we will disagree on whether this particular proposal accomplishes that.
if you would go point by point i think the proposal -- it sets the bar higher than it is right now. it will be beneficial to consumers all over the world. it will discourage them from blocking laws and enacting data localization laws. it will give clarity to people all over the world. we have very stringent due process requirements in this country. there are plenty of other companies that do not view the procedural part exactly as we do, but they have a fair amount of oversight and independence in the way that they review and handle law-enforcement requests.
to see if we can get other law enforcement to honor our requests. we are trying to maximize law-enforcement and privacy. >> it sounds like part of the confidence trying to be instilled in this legislative and agreement, it does rely on judicial oversight or some kind of institutional oversight that would take place in the foreign country to ensure that the request being made conforms with the fourth amendment and privacy principles to know that there is a process that was involved. how would that play out?
allow the oversight so we can envision it a little bit to provide some comfort for those who might be concerned of the privacy and civil liberties perspective. first layer of protection would be based on the foreign law itself. the foreign country investigating a crime involving its citizens. in that situation, the legal procedures and protections inherent in that set of rules would be the first line of travesty defense. to make sure that the agreement is being lived up to, there is an agreement of oversight done on a bilateral basis. there are provisions where the united states would be able to make sure foreign governments are not intentionally targeting u.s. citizens.
they will have the protocol in place in the practice is that it is being done directly. and the whole agreement must be reupped every five years. if a provider receives a piece of information from a foreign government, it could raise it with the united states. the united states may block any particular order if it is not in keeping with the agreement. the other thing i want to emphasize is that the congressional role is quite strong. there is a provision notice that would be provided to congress before any agreement goes into effect. this is the idea we have been trying to work in close partnership with congress all
day long to make sure we are doing the right thing. that is the baseline, we are acting reasonably and trying to solve problems that meets the larger circle of equities holders. those safeguards sound to the other panelists? >> i think that the standard and i will than -- the standard [inaudible] the first is the idea of individualized review. doj takes a look at that request and looks at it to examine whether it complies with human rights standards. reviewire individualized does not exist under the new
framework. question whether companies have the ability and the resources to do a robust individualized review. they do not necessarily have the incentive to do the same robust review. they are not on the hook monetarily, other than the reputation. that you are replacing individualized review in and of itself is a flaw. we spoke about the congressional rules. i don't think a 60-day notification is as robust as it be. and, you know, simply by inaction from congress, certain agreements can go into place. i think that that's a problem from an oversight perspective and a congressional role needs to be more robust and third, even standards articulated in the legislation only say that
there are factors that need to be considered by the executive branch and in my mind that leaves a lot of wiggle room for the u.s. to enter into agreements particularly with countries that may have inconsistent or spotty human rights records. think, for example, india, brazil, where in certain cases, i think, some of their laws are largely aligned with the u.s. but in other cases, i think we would have serious concern, you know, we talked about taking a step back. i think we should take a step back and think about the human rights activists in india who use the internet and for years they have used the internet, u.s. providers can an expectation that their communications would be subject to a certain level of privacy and certain standards, not just out of, you know, the idea that privacy was important but because their life was on the line and so if we are thinking about putting a place a framework that leaves room for slightly lower standard to apply, that's something that we should seriously have to examine from a human rights
perspective and thinking about the effect that that could have on people all over the world. so we will open it up in a few minutes to questions. before we do that, i want to ask professor daskal, most of this conversation has been focused on uk agreement and whether the foreign government wants to access data from a u.s. company. we've also mentioned a couple of times the microsoft-ireland case. can you take a minute as you guys are thinking of questions, professor daskal, can you take a minute and distinguish the issue at play and how that's different in what's known as the microsoft-ireland case which the department of justice recently said it's appealing to the u.s. supreme court. >> sure, so the two-second summary although i assume everyone in this room knows the case, the case that was decided a year ago by the second circuit
and the issue in the case was the u.s. government served a warrant on microsoft. microsoft refused to comply on the grounds that the data that was sought by u.s. government was in server in ireland. the u.s. warrants authority only has territorial reach and could not reach data that was outside of the united states. the government's position was actually microsoft ireland can access the data from washington. there's nothing extraterritorial about this. it's been served on a u.s. company that can view everything the u.s. government is wanting it to do from the united states. .. thought that it was microsoft and said at least according to the circuit, the only reach the data that is physically located within the
united states. this has been described by some as a privacy victory. disagree with that for a moment. for the whole conversation about the robustness of the u.s. warrant authority, in this case the u.s. government accessed the data based on probable cause which is standardally higher than other places around the world. if the net consequence is the u.s. would like data located around the united states it needs to go to that foreign country and access it based on its own rules which may be less privacy protected. microsoft organizes itself in a more location-driven approach and was able to say that it is in ireland.
other companies, not as much. google's moving data around all the time. initially it wasn't even able to say if the data was what they wanted, inside or outside the us. it now says, but doesn't provide information about where outside the us and in some cases there may be no governments for a combination of reasons that has access over data and a legitimate prosecution based on a warrant. at least five magistrate judges have ruled in favor of the government and in other circuits obviously and it's as carrie just said this case may be heard by the supreme court. i will say one more thing before i'm done, which is that i think that would be unfortunate. i think that this case is more complicated than can be resolved
with a simple microsoft's right or the government's right type situation, which is what the courts would ultimately have to do and that ideally we would see the legislation we've talked about coupled with a fix to this problem microsoft ireland that we basically set the default that the us government pursuant to a warrant based on probable cause in the investigation of a legitimate crime can access data without regard to the location, but with some caveats that are meant to take into account the interest of foreign governments in protecting their own citizens and their own residents' data, not based on the data, but the equity of foreign governments with respect to their own residents. there's a couple different ways you can do that. you can require that courts do what's known as a analysis take into account some of these countervailing factors when the us government is accessing the data of a non-us citizen -- located outside the us. there's a
couple of other approaches that have been discussed as well that we can get into. >> thank you. so, i want to turn to audience questions. if you have a question i ask that you stand, wave to me and stand and identify yourself and then we have a microphone that needs to make its way to you so we make sure your question is heard. while someone is thinking of a question i will pose a quick question to our panel. if you signal me i will know someone has a question. i know someone in here has to have a question. a couple times for the panel we have mentioned data localization can one of our panelists take a stab at start off, what's bad about-- first of all what is it, and why is it that from either a government perspective or industry perspective? why should we talk to congress about legislative fix where one potential outcome is that we avoid global infrastructure
moving towards data localization. >> data localization as it sounds is when a government passes a law requiring data be stored in a certain location. generally it's in that country's borders. it can require that the data stay there and not move from the servers in that country or it can require at the least some copy of the data remain within that country and the problem with that is that number one that can potentially break the way a lot of companies do business on the internet. makes it difficult for cloud providers to do business consistent with their business model and do business in a way that completely is consistent with the way their clients use their data specially in enterprise setting where their consumers, business enterprises and all kinds of different ways people are doing business internationally on the internet and that would potentially
really break that model and dictate to companies in a very unhelpful way how they manage and store their data. number two, that means then there is this data available in countries like russia or the russian government to get their paws in at will when they want and no one is really in favor of that. >> i was going to add that i think we have heard a lot of talk about puppies proposals will stop data localization, to provide another perspective, not to say-- >> to be clear i don't think i am saying it would stop localization i think we would disincentivize. >> i think we have to realistically realize when the proposal on its face doesn't necessarily prohibit data
localization and that is something to consider. the second is that i think the issue of data localization is more complex, i mean, you have seen concerns over us surveillance practices. some countries talk about data localization or foreign companies can use that as a selling point, so i raise it to say that question surrounding data localization while i agree with the concerns stephanie outlined is more complex and we shouldn't assume this in and of itself will stop that from happening. more needs to happen. >> i know the congressional internet caucus tries to keep its events on time. i will give one last chance if someone has a question. we have one question over here. identify yourself. >> robert thomas, journalist. my question is about masking what i will call over tasks, third parties who are in contact, who have been contacted by people overseas. the example is we can filter our
linkedin contacts or facebook friend request, but we cannot readily filter the people who follow us on twitter, can't readily filter the people who send us private messages. how would your protections, your safeguards present innocent bystanders but say you, you, you who have been contacted by someone from eastern europe or wherever by a criminal, how is the innocent bystander protected from being caught up? what masking techniques are available or whatever else. >> i will ask richard to speak briefly to how this proposal might deal with incidental collection of individuals who are not targets or subjects of investigation. >> i think the scenario we should think about is something like the uk needs to get a uk wiretap order to solve a uk
crime and it turns out that they have someone in the us contacting them. as i understand your question correctly. i don't know that there is a single silver bullet way of answering this. i think it would be one of those things that has to be worked out in the details in a protocol to make sure they weren't intentionally doing it in the best years are looking that have been intercepted and they would be alert to the idea there might be a us person if it were discovered it would have to be minimized, but açai, sealed, not used except under specialized circumstances, so-- >> it would be sealed? >> minimized later. >> thank you very much. i know-- i think we have reached our limit of our time. thank you all very much for joining us to get-- lake and please join me in thanking our panel. [applause].